cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
338
Views
5
Helpful
8
Replies
Hatto
Beginner

InterVlan Works but there's no internet

Hi, I'm kinda new with this, I have a Layer 3 switch, in which I have 2 vlan, Vlan 1 and Vlan 2
Vlan 1 has an IP: 192.168.1.201 255.255.255.0

Vlan 2: 192.168.2.1 255.255.255.0

each vlan has 1 PC on it

Vlan 1 has 192.168.1.90

Vlan 2 has 192.168.2.5

they have as Default gateway each vlan address, and works perfectly fine, after doing IP routing both can ping eachother and everything, BUT then I wanted to add an internet connection, since I want PC's on Vlan 1 to have internet, I put that connection in a port inside Vlan 1

Now, that connection has a default gateway 192.168.1.254, meaning that the PCs can't use the internet if they have their Vlans as default gateway, and if they do have 192.168.1.254 as default gateway, then they can't ping eachother.

what I tried is picking a port inside vlan 1 where the internet cable will go, make it no switchport, put an IP address like 192.168.3.1 255.255.255.0, and then do IP ROUTE 192.168.1.0 255.255.255.0 192.168.3.1

But it doesn't work because "Invalid next hop address"

I'm really stuck rn, I need the IPs of the PCs static so I don't think I will have to mess with the DHCP, maybe the solution is easy, but again, I'm kinda new with this, so any help is appreciated! 

 

8 REPLIES 8
Flavio Miranda
Advisor

Is it PacketTracer?  If this PK, attched the file and let us see.

Not PK, I'm working with a Catalyst 2960-L

paul driver
VIP Expert

Hello


@Hatto wrote:

BUT then I wanted to add an internet connection, since I want PC's on Vlan 1 to have internet, I put that connection in a port inside Vlan 1


Does your wan device have an ip address of 192.168.1.254?
Also your switch is performing L3 intervlan routing between vlan 1 & 2 so a default-gateway isnt applicable unless you disable ip routing
 and if you do that you will lose inter-vlan communication between the vlans.

 

What you do need is a default route pointing to the wan interface and ip.

 

example switch
conf t
ip routing
ip route 0.0.0.0 0.0.0.0 vlan 1 192.168.1.254

 

Lastly if your wan device does have the above ip address then i am assuming its performing NAT translation for internet access for vlan 1& 2?

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

the switch itself has this IPs 

900.png
The internet router I assume it has 192.168.1.254 because when I put that as default gateway on the PC's the internet works
 
I tried your IP route, the intervlan still works but still no internet 
 

I understand your description of vlan 1 and 2 and inter vlan routing, which is working. That is a good start.

I am not so clear about your description of Internet access. Can you help me understand:

- what device is providing Internet access?

- is the device providing Internet access configured to do Network Address Translation for your inside networks?

- do you want just 1 vlan to access the Internet or do you want both vlans to access the Internet? (The answer to this would be important in the configuration of NAT)

There are several approaches that you might use for Internet access:

1) The device providing Internet access could be connected to a port in vlan 1 (which you describe in the early part of the discussion). If you do this then devices in vlan 1 need to have their default gateway as the address of that Internet device. And the Internet device needs to have a route for the network of vlan 2 with the switch vlan 1 IP address as the next hop. In this situation vlan 1 would get Internet access directly using the Internet device. If vlan 2 needs Internet access then the switch needs a default route with the Internet device as the next hop. Inter vlan routing would have devices in vlan 1 wanting to communicate with vlan 2 would forward their packet to the Internet device which would use its route for vlan 2 to forward the packet to the switch vlan 1 address and the switch would forward to the destination. For devices in vlan 2 wanting to communicate with vlan 1 would forward their packet to the switch and the switch would forward directly to the destination.

2) The device providing Internet access could be connected to a port in a different vlan (vlan 3?) If you do this then devices in both vlan 1 and 2 need to have their default gateway as the appropriate switch vlan address. The switch would need a default route with the Internet device as the next hop. And the Internet device would need routes for the vlan subnets with the switch vlan 3 address as the next hop. Inter vlan routing is on the switch and is simply routing between connected subnets. Any traffic going to the Internet would be forwarded by the switch using the transit vlan to get to the Internet device.

HTH

Rick
Hatto
Beginner

About how I did everything, I pretty much followed this tutorial (https://community.cisco.com/t5/networking-videos/how-to-configure-intervlan-routing-on-layer-3-switches/ba-p/3103792), no more configurations beyond that if that helps

acampbell
Advocate

Hi,

Try like this:-

L3-Switch
##########


!
int vlan 1
desc VLAN1 PCs & Internet
192.168.1.201 255.255.255.0
no shut
!
!
!
int vlan 2
desc VLAN2 PCs Only
192.168.2.1 255.255.255.0
ip access-group INTERNAL-ONLY in
no shut
!
!
ip access-list ext INTERNAL-ONLY
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254 name INTERNET
!

Regards, Alex. Please rate useful posts.

do I have to do it inside the vlan or in the interface of the port? 

image.png